From 96af868652c17319112bd7487ec9c5e99d6743a7 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Mon, 3 Mar 2025 13:59:09 +0200 Subject: [PATCH 1/6] chore(linters): Introduce hadolint config file and reorder linters --- .hadolint.yaml | 9 +++++++ .pre-commit-config.yaml | 55 +++++++++++++++++------------------------ 2 files changed, 32 insertions(+), 32 deletions(-) create mode 100644 .hadolint.yaml diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 000000000..57dd20f56 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,9 @@ +ignored: +- DL3007 # Using latest +- DL3013 # Pin versions in pip +- DL3027 # Do not use apt +- DL3059 # Docker `RUN`s shouldn't be consolidated here +- DL4006 # Not related to alpine +- SC1091 # Useless check +- SC2015 # Useless check +- SC3037 # Not related to alpine diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e499d49a8..c6d334503 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -47,9 +47,13 @@ repos: hooks: - id: gitleaks -# -# YAML Linters -# +# Dockerfile +- repo: https://github.com/hadolint/hadolint + rev: v2.12.1-beta + hooks: + - id: hadolint + +# YAML - repo: https://github.com/jumanjihouse/pre-commit-hook-yamlfmt rev: 0.2.3 hooks: @@ -71,7 +75,7 @@ repos: args: - --strict -# JSON5 Linter +# JSON5 - repo: https://github.com/pre-commit/mirrors-prettier rev: v3.1.0 hooks: @@ -79,6 +83,21 @@ repos: # https://prettier.io/docs/en/options.html#parser files: .json5$ +# Bash +- repo: https://github.com/jumanjihouse/pre-commit-hooks + rev: 3.0.0 + hooks: + - id: shfmt + args: + - -l + - -i + - '2' + - -ci + - -sr + - -w + - id: shellcheck + +# Python - repo: https://github.com/pre-commit/mirrors-mypy.git rev: v1.15.0 hooks: 
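Review bot: The hadolint block re-added in the `@@ -47,9 +47,13 @@` hunk keeps `- id: hadolint`, which in hadolint's upstream hook definitions is, as far as I recall, the `language: system` hook that expects a `hadolint` binary already on PATH, so a contributor without one sees the hook fail for a reason unrelated to their Dockerfile; the `hadolint-docker` id runs the same linter from the published image with no local install. If the system hook is intended, a one-line comment above it would save the next person the lookup, e.g. `# needs a local hadolint binary; hadolint-docker is the self-contained alternative`. The same id was already present in the block this series deletes further down (the `@@ -133,31 +152,3 @@` hunk), so this is carried over rather than introduced here.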
@@ -133,31 +152,3 @@ repos: - --lineprecision-report=.tox/.tmp/.test-results/mypy--py-3.9 - --txt-report=.tox/.tmp/.test-results/mypy--py-3.9 pass_filenames: false - -- repo: https://github.com/jumanjihouse/pre-commit-hooks - rev: 3.0.0 - hooks: - - id: shfmt - args: - - -l - - -i - - '2' - - -ci - - -sr - - -w - - id: shellcheck - -# Dockerfile linter -- repo: https://github.com/hadolint/hadolint - rev: v2.12.1-beta - hooks: - - id: hadolint - args: - - --ignore=DL3007 # Using latest - - --ignore=DL3013 # Pin versions in pip - - --ignore=DL3027 # Do not use apt - - --ignore=DL3059 # Docker `RUN`s shouldn't be consolidated here - - --ignore=DL4006 # Not related to alpine - - --ignore=SC1091 # Useless check - - --ignore=SC2015 # Useless check - - --ignore=SC3037 # Not related to alpine From b45bb4e0905ab3ff9da5b1c03fb0b8ec2475126c Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Fri, 21 Mar 2025 20:29:14 +0200 Subject: [PATCH 2/6] Move hadolint ignores to meaningful locations Sadly, but hadolint ignore doesn't work if there any symbol on the same line - ignore stop working. That's why set justification on different line to hadolint ignore comment --- .hadolint.yaml | 9 --------- Dockerfile | 5 +++++ tests/Dockerfile | 10 ++++------ 3 files changed, 9 insertions(+), 15 deletions(-) delete mode 100644 .hadolint.yaml diff --git a/.hadolint.yaml b/.hadolint.yaml deleted file mode 100644 index 57dd20f56..000000000 --- a/.hadolint.yaml +++ /dev/null @@ -1,9 +0,0 @@ -ignored: -- DL3007 # Using latest -- DL3013 # Pin versions in pip -- DL3027 # Do not use apt -- DL3059 # Docker `RUN`s shouldn't be consolidated here -- DL4006 # Not related to alpine -- SC1091 # Useless check -- SC2015 # Useless check -- SC3037 # Not related to alpine diff --git a/Dockerfile b/Dockerfile index 59bc2fd7b..22dad8901 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -65,6 +65,8 @@ RUN if [ "$INSTALL_ALL" != "false" ]; then \ echo "TRIVY_VERSION=latest" >> /.env \ ; fi +# Docker `RUN`s shouldn't be consolidated here +# hadolint global ignore=DL3059 RUN /install/opentofu.sh RUN /install/terraform.sh @@ -81,6 +83,9 @@ RUN /install/trivy.sh # Checking binaries versions and write it to debug file + +# We do not use `echo` flags here, so it's false-positive +# hadolint ignore=SC3037 RUN . /.env && \ F=tools_versions_info && \ pre-commit --version >> $F && \ diff --git a/tests/Dockerfile b/tests/Dockerfile index ec77d18af..d64ba61e0 100644 --- a/tests/Dockerfile +++ b/tests/Dockerfile @@ -1,11 +1,9 @@ +# We use `latest` tag for tests proposes +# hadolint ignore=DL3007 FROM pre-commit-terraform:latest -RUN apt update && \ - apt install -y \ - datamash \ - time && \ - # Cleanup - rm -rf /var/lib/apt/lists/* +RUN apk add --no-cache \ + datamash=~1.8 WORKDIR /pct ENTRYPOINT [ "/pct/tests/hooks_performance_test.sh" ] From 79e43ad54e2747dc7782953e6f2818cda20be1b9 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Fri, 21 Mar 2025 21:54:40 +0200 Subject: [PATCH 3/6] One more check pop-up --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1fe8e400a..cce9acc45 100644 --- a/Dockerfile +++ b/Dockerfile @@ -84,8 +84,9 @@ RUN /install/trivy.sh # Checking binaries versions and write it to debug file -# We do not use `echo` flags here, so it's false-positive -# hadolint ignore=SC3037 +# SC3037 - We do not use `echo` flags here, so it's false-positive +# DL4006 - Not Applicable for for /bin/sh in alpine images. Disable, as recommended by check itself +# hadolint ignore=SC3037,DL4006 RUN . /.env && \ F=tools_versions_info && \ pre-commit --version >> $F && \ From d9993be02f0c1719a133a28dd221f7983d0fe4f8 Mon Sep 17 00:00:00 2001 
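Review bot: `# hadolint global ignore=DL3059` in the `@@ -65,6 +65,8 @@` hunk sits next to one run of consecutive `RUN /install/*.sh` lines, but if the `global` pragma is file-wide, as its name and my reading of the hadolint docs suggest, it also silences DL3059 for every other pair of adjacent RUNs in the Dockerfile, while the justification above it reads as if the suppression were local. Moving the pragma to the top of the file with a justification that says so, e.g. `# DL3059: tool installers are deliberately kept as separate RUNs; suppressed for the whole file` followed by `# hadolint global ignore=DL3059`, keeps the intent honest and matches the comment style the later patches adopt for the other pragmas. The enclosing `RUN if [ "$INSTALL_ALL" ...` block starts before the hunk.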
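Review bot: The new `RUN apk add --no-cache datamash=~1.8` in the tests/Dockerfile hunk drops the `time` package that the apt version installed next to datamash, and nothing else in the hunk provides it; if `hooks_performance_test.sh` (the ENTRYPOINT, outside this patch) invokes `time` with GNU-specific options, the BusyBox applet an alpine base provides may reject them, so the script is worth checking before this lands. Whatever the outcome, a comment on the RUN recording why `time` was dropped would stop the next reader from re-adding it. The justification comment above `FROM` also has a typo; `# We use the latest tag for test purposes` is what was meant.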
From: Maksym Vlasov Date: Sat, 22 Mar 2025 01:49:53 +0200 Subject: [PATCH 4/6] Fix echo params --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index cce9acc45..1b277e6e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -85,8 +85,7 @@ RUN /install/trivy.sh # Checking binaries versions and write it to debug file # SC3037 - We do not use `echo` flags here, so it's false-positive -# DL4006 - Not Applicable for for /bin/sh in alpine images. Disable, as recommended by check itself -# hadolint ignore=SC3037,DL4006 +# hadolint ignore=SC3037 RUN . /.env && \ F=tools_versions_info && \ pre-commit --version >> $F && \ @@ -104,7 +103,7 @@ RUN . /.env && \ (if [ "$TFSEC_VERSION" != "false" ]; then echo "tfsec $(./tfsec --version)" >> $F; else echo "tfsec SKIPPED" >> $F ; fi) && \ (if [ "$TFUPDATE_VERSION" != "false" ]; then echo "tfupdate $(./tfupdate --version)" >> $F; else echo "tfupdate SKIPPED" >> $F ; fi) && \ (if [ "$TRIVY_VERSION" != "false" ]; then echo "trivy $(./trivy --version)" >> $F; else echo "trivy SKIPPED" >> $F ; fi) && \ - echo -e "\n\n" && cat $F && echo -e "\n\n" + printf "\n\n\n" && cat $F && printf "\n\n\n" From edd0b91d4901e0faa5b56314ae564e443d6685e0 Mon Sep 17 00:00:00 2001 From: MaxymVlasov Date: Tue, 25 Mar 2025 13:41:12 +0200 Subject: [PATCH 5/6] fix issues --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1b277e6e1..24ac91e83 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -84,14 +84,14 @@ RUN /install/trivy.sh # Checking binaries versions and write it to debug file -# SC3037 - We do not use `echo` flags here, so it's false-positive -# hadolint ignore=SC3037 +# SC2086 - We do not need to quote "$F" variable, because it's not contain spaces +# DL4006 - Not Applicable for for /bin/sh in alpine images. Disable, as recommended by check itself +# hadolint ignore=SC2086,DL4006 RUN . /.env && \ F=tools_versions_info && \ pre-commit --version >> $F && \ (if [ "$OPENTOFU_VERSION" != "false" ]; then ./tofu --version | head -n 1 >> $F; else echo "opentofu SKIPPED" >> $F ; fi) && \ (if [ "$TERRAFORM_VERSION" != "false" ]; then ./terraform --version | head -n 1 >> $F; else echo "terraform SKIPPED" >> $F ; fi) && \ - \ (if [ "$CHECKOV_VERSION" != "false" ]; then echo "checkov $(checkov --version)" >> $F; else echo "checkov SKIPPED" >> $F ; fi) && \ (if [ "$HCLEDIT_VERSION" != "false" ]; then echo "hcledit $(./hcledit version)" >> $F; else echo "hcledit SKIPPED" >> $F ; fi) && \ From bfae8531d57de03448cf3ae8478af0403b7379be Mon Sep 17 00:00:00 2001 From: Maksym Vlasov Date: Tue, 25 Mar 2025 15:24:40 +0200 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: George L. Yermulnik --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 24ac91e83..4c69f2586 100644 --- a/Dockerfile +++ b/Dockerfile @@ -85,7 +85,7 @@ RUN /install/trivy.sh # Checking binaries versions and write it to debug file # SC2086 - We do not need to quote "$F" variable, because it's not contain spaces -# DL4006 - Not Applicable for for /bin/sh in alpine images. Disable, as recommended by check itself +# DL4006 - Not Applicable for /bin/sh in alpine images. Disable, as recommended by check itself # hadolint ignore=SC2086,DL4006 RUN . /.env && \ F=tools_versions_info && \
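Review bot: The justification for DL4006 in the `@@ -84,14 +84,14 @@` hunk says the check is not applicable to `/bin/sh` on alpine, yet the RUN it annotates does pipe, e.g. `./tofu --version | head -n 1 >> $F`, and without pipefail a failing `tofu` still lets the pipeline return head's status, so a broken binary is not caught at build time and the versions file silently lacks that line. As I read the DL4006 guidance, its suggestion for BusyBox images is to set the shell explicitly rather than to disable the rule: `SHELL ["/bin/ash", "-o", "pipefail", "-c"]` before this RUN, leaving `# hadolint ignore=SC2086` as the only pragma, would make the `| head -n 1` lines fail loudly. The RUN block continues past the end of the hunk.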